Why does Excel not trust my code sign signature?

Question

I sign my VBA project inside of my excel workbook with this tutorial because doing it the usual way in the "VBA IDE" inside of Excel it fails: https://support.microsoft.com/en-us/topic/upgrade-signed-office-vba-macro-projects-to-v3-signature-kb5000676-2b8b3cae-ad64-4b4b-aa85-c4a98ca6da87

The command I run to sign my project is offsign.bat "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\" "sign /tr http://time.certum.pl /a /fd SHA256" "verify /pa" "C:\Users\MYUSER\Desktop\FILE.xlsm". I sign it with my CodeSign certificate which I bought from Certum.

After signing and verifying by Microsoft's own batch script, I want to see what the end user would get and open my workbook. What Excel reports back is the issue that the signature is valid, but not trusted even if it is a code signing certificate and the CA is present and trusted. To check back if the issue is the KPI or Windows, I coded a small Windows Forms application and signed it which works flawlessly.

If I try to pull more details, I get as mention the issue with the not trusted certificate issuer (in German, bold text above file path).

Opening the dialog to get signature details, I get these bits of information.

What did I miss or what do I have to do so Excel trusts my signature?

Answer 1

Excel does not (unfortunately) automatically trust code-signed files. You have to add the publisher to the list of trusted publishers.